Can't download move.simple.com direct deposit transition PDF: Non use…

…r-triggered activations of anchors that have a download attribute are ignored

https://bugs.webkit.org/show_bug.cgi?id=165148
<rdar://problem/29421771>

Reviewed by Daniel Bates.

Source/WebCore:

We were ignoring non user-triggered activations of anchors that have a
download attribute which is stricter than Chrome and Firefox and breaks
downloads on move.simple.com. This patch relaxes our policy to allow
simulated clicks on such links, similarly to other browsers.

Web authors can anyway already trigger downloads using script by setting
window.location to a specific URL and serving to right HTTP headers to
trigger a download.

Note that our previous behavior matches the current version of the
specification so I also filed a bug against the HTML specification to
see if we can get it changed to match the behavior of browsers:
- whatwg/html#2116

No new tests, updated existing test.

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):

LayoutTests:

Update existing test to reflect behavior change.

* fast/dom/HTMLAnchorElement/anchor-download-synthetic-click-expected.txt:
* fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@209091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog

@@ -1,3 +1,16 @@
+2016-11-29  Chris Dumez  <cdumez@apple.com>
+
+        Can't download move.simple.com direct deposit transition PDF: Non user-triggered activations of anchors that have a download attribute are ignored
+        https://bugs.webkit.org/show_bug.cgi?id=165148
+        <rdar://problem/29421771>
+
+        Reviewed by Daniel Bates.
+
+        Update existing test to reflect behavior change.
+
+        * fast/dom/HTMLAnchorElement/anchor-download-synthetic-click-expected.txt:
+        * fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html:
+
 2016-11-29  Eric Carlson  <eric.carlson@apple.com>
 
         [MediaStream] Don't request user permission for a device if it has already been granted in the current browsing context

LayoutTests/fast/dom/HTMLAnchorElement/anchor-download-synthetic-click-expected.txt

@@ -1,6 +1,8 @@
-CONSOLE MESSAGE: line 22: Non user-triggered activations of anchors that have a download attribute are ignored.
-Test that synthetic clicks on an anchor with a download attribute are ignored.
+Download started.
+Downloading URL with suggested filename "foo.pdf"
+Download completed.
+Test that synthetic clicks on an anchor with a download attribute are not ignored.
 
-This test passes if you do not see any 'Download started' message above.
+This test passes if you see a 'Download started' message above and if the suggested filename is foo.pdf.
 
 Blob URL

LayoutTests/fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html

@@ -9,9 +9,9 @@
 </script>
 </head>
 <body>
-<p>Test that synthetic clicks on an anchor with a download attribute are ignored.</p>
-<p> This test passes if you do not see any 'Download started' message above.</p>
-<a id="blob-url" download>Blob URL</a>
+<p>Test that synthetic clicks on an anchor with a download attribute are not ignored.</p>
+<p> This test passes if you see a 'Download started' message above and if the suggested filename is foo.pdf.</p>
+<a id="blob-url" download="foo.pdf">Blob URL</a>
 <script>
 function runTest()
 {

Source/WebCore/ChangeLog

@@ -1,3 +1,30 @@
+2016-11-29  Chris Dumez  <cdumez@apple.com>
+
+        Can't download move.simple.com direct deposit transition PDF: Non user-triggered activations of anchors that have a download attribute are ignored
+        https://bugs.webkit.org/show_bug.cgi?id=165148
+        <rdar://problem/29421771>
+
+        Reviewed by Daniel Bates.
+
+        We were ignoring non user-triggered activations of anchors that have a
+        download attribute which is stricter than Chrome and Firefox and breaks
+        downloads on move.simple.com. This patch relaxes our policy to allow
+        simulated clicks on such links, similarly to other browsers.
+
+        Web authors can anyway already trigger downloads using script by setting
+        window.location to a specific URL and serving to right HTTP headers to
+        trigger a download.
+
+        Note that our previous behavior matches the current version of the
+        specification so I also filed a bug against the HTML specification to
+        see if we can get it changed to match the behavior of browsers:
+        - https://github.com/whatwg/html/issues/2116
+
+        No new tests, updated existing test.
+
+        * html/HTMLAnchorElement.cpp:
+        (WebCore::HTMLAnchorElement::handleClick):
+
 2016-11-29  Andy Estes  <aestes@apple.com>
 
         [Cocoa] Enable two clang warnings recommended by Xcode

Source/WebCore/html/HTMLAnchorElement.cpp

@@ -383,14 +383,6 @@ void HTMLAnchorElement::handleClick(Event& event)
             downloadAttribute = attributeWithoutSynchronization(downloadAttr);
         else if (hasAttributeWithoutSynchronization(downloadAttr))
             document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "The download attribute on anchor was ignored because its href URL has a different security origin.");
-        // If the a element has a download attribute and the algorithm is not triggered by user activation
-        // then abort these steps.
-        // https://html.spec.whatwg.org/#the-a-element:triggered-by-user-activation
-        if (!downloadAttribute.isNull() && !event.isTrusted() && !ScriptController::processingUserGesture()) {
-            // The specification says to throw an InvalidAccessError but other browsers do not.
-            document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Non user-triggered activations of anchors that have a download attribute are ignored.");
-            return;
-        }
     }
 #endif